0 3 2D(fi 



PILLSBURY WINTHROP LLP, LOS ANGELES 
Serial No.: 09/472,314 - Confirmation No. 8582 
Notice of Allowance Date: January 31, 2005 
Title: SYSTEM & METHOD FOR PROVIDING.. 

Attorney Name: Roger R. Wise 
Tel.: (213) 488-7100 Docket No.: 81674-264191 
Sheet 1 of 5 




Client 




Client 




Client 


system 




system 




system 


3 


3 


3 



Fig.l 




Fig. 2 




PILLSBURY WINTHROP LLP, LOS ANGELES 
Serial No.: 09/472,314 - Confirmation No. 8582 
Notice of Allowance Date: January 31, 2005 
Title: SYSTEM & METHOD FOR PROVIDING.. 

Attorney Name: Roger R. Wise 
Tel.: (213) 488-7100 Docket No.: 81674-264191 
Sheet 2 of 5 




no 



Wait until 
client system is 
operational 



18 



11 



Key exchange 
processes executed 
between server 
system and client 
system 



12 



SA is stored in 
client system 




Fig. 3 



Jyesj_^ 



14 



Updating new 
SA into client 
system 




Using SA 
stored in client 
system to 
secure traffic 



15 



PILLSBURY WINTHROP LLP, LOS ANGELES 
Serial No.: 09/472,314 - Confirmation No. 8582 
Notice of Allowance Date: January 31, 2005 
Title: SYSTEM & METHOD FOR PROVIDING.. 

Attorney Name: Roger R. Wise 
Tel.: (213) 488-7100 Docket No.: 81674-264191 
Sheet 3 of 5 



Jyesj^ ^ 




Use previously negotiated SA 
to secure traffic until client 
system is operational 



Use previously negotiated SA 
to secure traffic until SA 
refresh timer has timed out 




Use previously 
negotiated SA 
to secure traffic 




Fig. 4 



Use nevily refreshed 
SA to secure traffic 



27 




PILLSBURY WINTHROP LLP, LOS ANGELES 
Serial No.: 09/472,314 - Confirmation No. 8582 
Notice of Allowance Date: January 31, 2005 
Title: SYSTEM & METHOD FOR PROVIDING.. 

Attorney Name: Roger R. Wise 
Tel.: (213) 488-7100 Docket No.: 81674-264191 
Sheet 4 of 5 




no 



Previously negotiated 
SA used to secure 
traffic until New S A 
available 



41 



New SA is 
stored in 
client system 



42 



Send "SA is 
ready for use' 
to server 




no 



Restore previously 
negotiated SA and use 
it to secure traffic 



Send "Confirmation" 
signal to server system 



45 



New S A used 
to secure traffic 



Fig. 5 



PILLSBURY WINTHROP LLP, LOS ANGELES ' 
Serial No.: 09/472,314 - Confirmation No. 8582 
Notice of Allowance Date: January 31, 2005 
Title: SYSTEM & METHOD FOR PROVIDING.. 

Attorney Name: Roger R. Wise 
Tel.: (213) 488-7100 Docket No.: 81674-264191 
Sheet 5 of 5 

y 



State of 
Client System 


State of 
Server System 


Attributes of Transition States 


OS up 


OS up 


inoec siacK on Doin ciieni anu server sysiems 
Newly negotiated SA Updated in client systenn if 
there is successful completion of SA refresh 


OS hung 


OS up 


IPSec stack not on client system 
Previously negotiated SA stored in client system is 
inhibited from being updated 


Pre-boot 


OS up 


IPSec stack not on client system 
Previously negotiated SA stored in client system is 
inhibited from being updated 


OS suspend 


OS up 


IPSec stack not on client system 
Previously negotiated SA stored in client system is 
inhibited from being updated 


Cold-boot 


OS up 


Client system does not have any security context 

f^onfioursitifin ontirtn ic nrnx/irloH for manantnn r*liont 

system without security 


Any state 


OS hung 


Client system is unmanageable by OS hung server 
system. 

Fault tolerant system is provided for switching 
control to secondary server system 


OS hung / Pre-boot 


Cold Boot 


Server system does not have any security context 
Configuration option is provided for managing client 
system without security 


Cold Boot 


Cold Boot 


Neither system has any security context 
Configuration option is provided for allowing traffic 
to be communicated in the clear 




Fig. 6 



